Scientists have devised a way to defeat the Meltdown and Spectre security vulnerabilities caused by speculative execution in modern processors.
The problem with a bolt-on approach to API security is that these API frameworks and toolkits are inherently insecure by definition and were never designed with security in mind, but rather designed for integration.
Developers & vendors of numerous third-party security, forensics & incident response products for Mac computers have started issuing patches after researchers realised their software wasn't interacting with Apple's code-signing API.
The Mozilla Foundation Security has released an advisory to patch critical vulnerabilities in Firefox and Firefox ESR products which could allow a remote attacker to take control of an affected system.
Security researchers are reporting a phishing attack technique which hackers may be using in the wild, and could put websites at risk of attack.
Enterprise Agreements whereby vendors agree to sell a specified amount of software and hardware over a certain timeframe are evolving to offer more customer support and expanding to include security and software updates.
The botnet operators behind IcedID and Trickbot are collaborating with each other and possibly sharing their ill-gotten gains, according to security researchers.
Security researchers have uncovered several security vulnerabilities in blockchain platform EOS, some of which can be exploited by hackers to remotely execute arbitrary code on EOS nodes.
The biometric side of the cyber-security equation is getting ready to put fingerprint readers in its rear-view mirror as newer technologies coming into the market prove more capable.
Hackers filed more than 100 security vulnerability reports during the 29-day Hack the DTS (Defence Travel System) bug bounty initiative and amassed nearly US$ 80,000 (£60,183) for their efforts.
Newly published research suggests 27 percent of enterprise security teams see more than 1 million alerts per day, and more than half of IT professionals admit they are struggling to identify critical incidents and false positives alike.
Vulnerability patched in Git source code versioning software. Security researchers have discovered a number of flaws in Git that could have enabled hackers to run remote code on a victim's PC.
Security researchers at Tencent's Keen Security Lab have revealed that Internet-connected systems in several BMW cars feature vulnerabilities that allow malicious actors to hack into such vehicles via a set of remote attack surfaces.
Increasing value of cryptocurrency sees hackers look out for mining hardware. Security researchers have discovered a large Satori botnet that is scanning the internet for exposed Ethereum cryptocurrency mining rigs.
Hiring more talent does not mean better security. No amount of additional talent or resource will improve your security posture if you don't fix your underlying broken patching processes. Automation is the answer.
After patching a confusion flaw in Flash last week, Adobe today issued security updates for Adobe Acrobat and Reader for Windows and MacOS.
A group of European security researchers readied the release of a paper for early 15 May detailing vulnerabilities in PGP/GPG and S/MIME email encryption that could reveal the plaintext of encrypted emails.
Security researchers recently discovered the presence of 38 malicious apps on the Google Play Store that were not only disguised as games and education apps but also redirected victims to install other apps from the Play Store.
A security vulnerability has been discovered in a software framework used by web apps that could enable hackers to execute remote code. The problem could affect many web apps that use the framework.
LG on Monday released a security update fixing a high-severity remote code execution vulnerability found in the default keyboards of all its mainstream smartphone models.
The Security of Network Information Systems (NIS) Directive, which aims to ensure that critical infrastructure is protected from cyber-attacks and computer network failure, has come into force today with fines for non-compliance.
Security researchers have discovered a new form of the Hide and Seek IoT malware. The latest version can now survive a reboot of the infected device.
Microsoft Corporation's Patch Tuesday security update yesterday fixed 67 bugs, including two that have been actively exploited in zero-day attacks, and another two whose details became public.
Last year, Logitech announced that the security certificate of its Harmony Link IoT device, which allowed users to control their home cinema setup using a universal remote control, was to expire on 16 March 2018.
Armor for Android resurfaces as Android's Antivirus. A fake anti-virus app has re-emerged on Android devices, according to security researchers.
Tenable Security researchers have revealed a Zero Day flaw in two Schneider Electric industrial controllers that, if exploited, could give an attacker the ability to remotely execute code with high privileges.
Critical vulnerability allows attackers to bypass authentication. Security researchers have found flaws in fibre-optic broadband routers that enable hackers to bypass security and take over devices.
New research has revealed that even though people are now more aware of security best practices than in the past, their password management has remained largely unchanged.
Security researchers have found a flaw in Windows that could allow hackers to crash a system when they insert a USB stick with specially crafted code. The problem happens even when Windows is locked.
Checkmarx security researchers developed a proof of concept attack that would enable an Amazon Echo to continue recording a user long after a request is made.